[strongSwan] Strongswan 4.5.2 sending IKEv2_INFORMATIONAL_REQUEST with wrong flags

Tobias Brunner tobias at strongswan.org
Fri Sep 7 15:57:35 CEST 2012

Hi Avishek,

>  I am talking about the INFORMATIONAL Delete Request for the old Child SA.
>  The flags are all Zero i.e 0x00.

What's wrong with that?  It is clearly a request so the response flag is
zero and if strongSwan was the initial responder (i.e. it did *not*
initiate the IKE_SA) then the initiator flag must also be zero (you did
not write if strongSwan was initiator or not) - this flag could only
change when the IKE_SA is rekeyed (not when CHILD_SAs are rekeyed).  The
version flag is always zero for IKEv2 and the rest of the bits are
reserved and zero too.


More information about the Users mailing list